Unchained Podcast – "How AI Agents Hacked Smart Contracts for $1 Apiece"
DEX in the City – Ep. 975
Host: Laura Shin
Panel: Jesse (Web3 prosecutor turned Web3 protector, Ribbit Capital); V (formerly SEC, now Web3); Katherine/KK (host, formerly legal at DCM, now Starkware)
Date: December 11, 2025
Episode Overview
This episode covers the transformative risks and opportunities facing crypto—especially at the intersection of decentralized finance (DeFi), regulation, and the emerging threats posed by AI agents. The panelists discuss:
- Citadel Securities' forceful comment letter to the SEC on tokenized equities and DeFi protocols.
- Major regulatory moves by the CFTC, including allowing spot crypto trading on futures exchanges and piloting tokenized collateral.
- A groundbreaking Anthropic study demonstrating how autonomous AI agents can independently and inexpensively hack smart contracts.
- The ongoing tension between innovation, security, and investor protection.
- Community highlights, including advocacy and crypto philanthropy.
Main Discussion Points and Insights
1. Citadel Securities’ Comment Letter to the SEC
- Context: Citadel, a dominant TradFi player, submitted a comment letter about tokenized equities and DeFi market structure.
- Why the Letter? Citadel is aiming to influence SEC rulemaking as the agency considers a "DeFi Innovation Exemption." Their worry: regulatory exemptions for DeFi may undermine incumbents.
- Citadel’s Position:
  - Supports tokenization with strong safeguards.
  - Argues all tokenized equity trading—even on-chain—should be under full securities regs.
  - Asks the SEC to:
    - Clearly identify all intermediaries (including in DeFi).
    - Refuse broad exemptions for DeFi protocols.
    - Make any regulatory changes via full notice/comment rulemaking—not ad hoc special exemptions.
- Panel Reaction:
  - V: “Asking for regulatory clarity through a proper rulemaking process is literally what the crypto industry was asking Gensler for for four years. And there’s nothing unreasonable about that, right?” (06:57)
  - Jesse: Critiques Citadel’s defense of intermediaries: “Of course they want to maintain a system that’s based on intermediaries. Like, it would just destroy their moat if DeFi was able to operate without any intermediaries.” (11:18)
  - KK: Stresses TradFi’s perspective and political influence, highlighting the need for greater crypto advocacy outside its “bubble.”
- Key Insight: Citadel’s stance boils down to protecting existing centralized power, reflecting tension between legacy finance and DeFi's disruptors.
2. Regulatory Developments – CFTC Action
a) Allowing Spot Crypto on Futures Exchanges (DCMs)
- News: CFTC’s Acting Chair Caroline Pham announced that designated contract markets (futures exchanges, or DCMs) can now list spot crypto products—paving the way for more regulated access.
- Details:
  - First leveraged retail spot crypto exchange (Bitnomial) has already launched.
  - DCMs can operate spot and derivatives trading under federal preemption, bypassing state-by-state licensing headaches.
  - Not many DCMs exist, so there’s no imminent flood, but competitive dynamics are shifting.
- Panel Takeaways:
  - KK: “Now it’s official. And we have already seen Bitnomial launching the first ever leverage spot crypto exchange.” (21:15)
  - Jesse: Notes CFTC and SEC seem engaged in a “race to regulate,” each demonstrating capability to handle crypto markets.
  - V: “It’s kind of like the CFTC’s Project Crypto... if you don’t show you can do a good job, you’re going to get fired.” (28:00)
b) Tokenized Collateral Pilot Program
- News: CFTC to pilot use of ETH, BTC, and USDC as tokenized collateral in derivatives markets.
- Rationale: More efficient settlement, transparency, and capital efficiency—pushing trad markets toward blockchain integration.
- Panel Sentiment: Excitement and optimism, especially since these programs make “finance better” and weaken the “crypto is unregulated” narrative.
3. AI Agents and Smart Contract Security (Anthropic Study)
- Summary of Findings:
  - Anthropic ran AI agents (using Claude) in a blockchain simulator.
  - Agents autonomously scanned real exploited smart contracts and recreated exploits, generating “hundreds of millions” in simulated losses.
  - Agents independently found and exploited vulnerabilities in fresh, previously unknown contracts (i.e., zero-days).
  - Cost per contract exploited: ~$1—making mass, automated attacks trivially affordable.
- Key Quotes:
  - Jesse: “Agents aren’t just assisting hackers anymore, but rather they can be the hacker. They’re creating and running an entire exploit from end to end, the same way that a sophisticated human actor would, but they’re doing it faster, cheaper, and with endless stamina.” (33:52)
  - Jesse: “If you put a smart contract out there that controls funds, you have to know it’s perfect because an attacker can now spend a dollar to surface every latent issue and continuously harvest and automate a hacking machine.” (38:40)
- Big Risks:
  - “End of passive security.” Projects must move toward active, persistent defense and swift, automated response measures.
  - Future: When AI agents operate day-to-day onchain (for trading, governance, etc.), the threat landscape is radically amplified.
- Panel Reflection:
  - KK: “We need to start looking down the pipeline and see what’s coming for us on the security sphere to make sure we’re prepared.” (41:18)
4. Perspective on Crypto Advocacy and TradFi Influence
- Bubble Problem:
  - Crypto insiders often overlook how foreign their worldview seems to powerful TradFi incumbents and regulators.
  - KK: “Crypto is a bubble. We’re all hanging out with each other all the time…that might be troubling to crypto... It is a refresher and a reminder that how we think and view these issues is not how a lot of very powerful people and entities think and view these issues. So we still have work to do to educate.” (13:35)
- Best Practices:
  - Jesse and V stress the importance of balancing performance with robust investor protections, such as order execution rules to prevent MEV abuses.
5. Community Updates and Philanthropy
- Samourai Wallet Case:
  - V reminds listeners of the ongoing legal risk to developers, urging them to support a pardon petition for a developer sentenced under money transmission laws (41:42).
- Crypto Philanthropy:
  - Jesse spotlights major donations by crypto companies to support victims of a devastating Hong Kong fire: “It just sort of shows that, like, in all the crap and in all the news, like, there’s a lot of good things and good people happening.” (44:21)
Notable Quotes & Timestamps
- Jesse on Citadel’s Motives:
  “Of course they want to maintain a system that’s based on intermediaries. Like, it would just destroy their moat if DeFi was able to operate without any intermediaries.” (11:18)
- V on Regulatory Clarity:
  “Asking for regulatory clarity through a proper rulemaking process is literally what the crypto industry was asking Gensler for for four years. And there’s nothing unreasonable about that, right?” (06:57)
- KK on AI Security Paradigm Shift:
  “The security paradigm has changed because agents aren’t just assisting hackers anymore, but rather they can be the hacker.” (33:52)
- Jesse on AI Agent Capabilities:
  “The big story to me is not like AI can hack smart contracts. Like, okay, we sort of knew that. What does that mean? …these agents can reason, iterate, use dev tooling and autonomously execute a full chain attack from start to finish in a faster and cheaper way than humans.” (38:30)
Key Segments (Timestamps)
- 02:50 – Citadel’s SEC letter: Motivations and implications
- 09:01 – TradFi’s influence and confusion in crypto regulation
- 13:35 – The crypto "bubble" and advocacy gap
- 15:14 – The imperative for market integrity and investor protection on chain
- 19:39 – CFTC’s big step: Spot crypto on DCMs explained
- 26:54 – DCM license landscape; CFTC vs. SEC “race to regulate”
- 33:47 – Anthropic’s AI agent security study walkthrough
- 41:42 – Community update: Samourai Wallet case and developer risks
- 44:00 – Crypto philanthropy after the Hong Kong fire
Memorable Moments
- “If you put a smart contract out there that controls funds, you have to know it’s perfect because an attacker can now spend a dollar to surface every latent issue and continuously harvest and automate a hacking machine.” — Jesse (38:40)
- “Crypto is a bubble. We’re all hanging out with each other all the time… a problem from an advocacy perspective.” — KK (13:35)
- “Now it’s official. And we have already seen Bitnomial launching the first ever leverage spot crypto exchange.” — KK (21:15)
- “I don’t want to say it’s just the CFTC…but this is a narrative of crypto’s unregulated... And that narrative can fall apart when you see actively regulated institutions doing this in a way that makes finance better.” — Jesse (29:30)
Overall Tone
Engaged, slightly irreverent, insider-y yet accessible, with a blend of optimism, pragmatism, and healthy paranoia, especially around security and regulatory headwinds.
Summary
This episode expertly tracks the evolving fault lines between crypto innovation, established financial power, and the next wave of technological risk. The panel interweaves legal, technical, and community perspectives, with a spotlight on how AI fundamentally alters the threat model for DeFi. Listeners get concrete regulatory updates, critical risk warnings, and a reminder that despite dispute and disruption, the crypto ecosystem continues to generate real-world impact—for better and for worse.
